
Bloomreach Experience Manager V14.1.0 Release Notes

RELEASE NOTES

Bloomreach Experience Manager V14.1

Bloomreach Experience Manager Developer Edition V14.1

Highlights for V14.1

Hello all, we have released a new version of Bloomreach Experience Manager (brXM). This minor release introduces new functionality and a number of useful improvements. In this document we will give a brief overview of the highlights in this release. You can also find these release notes at: https://documentation.bloomreach.com/about/release-notes/release-notes-overview.html 

Please note that as a result of our security release policy, the public availability of the community source code and artifacts for all active releases will follow in about six weeks. Customers, however, have immediate access to these new releases on the release date.

Everything mentioned in this document is an integral part of Bloomreach Experience Manager (brXM) and the developer edition, unless mentioned otherwise. If a feature only applies to brXM and not to the developer edition, this is explicitly mentioned. Features that are mentioned as part of brXM also apply to brX.

Key New Features

Significant improvements to Page Model API

The Page Model API, which enables customers to use Bloomreach Experience and Experience Manager with a decoupled front-end or SPA, has been improved in a number of different areas.

  • We’ve improved the way the Page Model API works with Relevance, to better allow personalization when using a decoupled front-end:

    • The Page Model API now returns the current visit and visitor information in the response

    • The Page Model API now supports visitor identification via custom headers

    • The SPA SDK has two new methods: getVisit and getVisitor 

    • The SPA SDK configuration accepts visitor information as a configuration option

    • The SPA SDK passes the visitor’s remote address in the `x-forwarded-for` header

    • We updated the Bloomreach Next.js demo to show how to properly implement integration with targeting

    • More details can be found in the SDK documentation at [2]. 

  • Delivery Tier Page Model API CORS support has been improved:

    • The Page Model API now fully supports preflight requests

    • The Page Model API automatically returns `Access-Control-Allow-Credentials: true` for OPTIONS requests.

    • The Page Model API supports wildcards in the `Access-Control-Allow-Origin` header and introduces the `hst:allowedorigins` property

    • The Page Model API supports custom headers (including those for targeting). 

    • These changes simplify the SPA configuration in general because we support wildcard CORS configuration.

  • A number of smaller improvements and bug fixes in the Page Model API output regarding links handling were implemented:

    • Fixed a bug where internal links were marked as external

    • The Page Model API now returns fully-qualified URLs for external links 

    • The Page Model API now returns fully-qualified URLs for resource/binaries links

    • More details can be found in the upgrade documentation at [3]
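The CORS item above combines wildcard origins with `Access-Control-Allow-Credentials: true`, so the allowed-origins list is the control that decides which sites can read credentialed responses. The following is an added example (not brXM or SPA SDK code) of strict origin matching plus an audit of such a list; the `*.` subdomain pattern syntax and the function names are assumptions, not the documented `hst:allowedorigins` semantics.

```javascript
// Added example: strict origin allow-list matching for a credentialed CORS API.
// The "*." subdomain pattern syntax is an assumption for illustration, not
// the documented matching semantics of brXM's hst:allowedorigins property.
const ORIGIN_RE = /^(https?):\/\/(\*\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d{1,5}))?$/i;

// Parse "scheme://[*.]host[:port]"; anything else (paths, "null", "*") is rejected.
function parse(value) {
  const m = ORIGIN_RE.exec(value);
  if (!m) return null;
  return {
    scheme: m[1].toLowerCase(),
    wildcard: Boolean(m[2]),
    host: m[3].toLowerCase(),
    port: m[4] || '',
  };
}

// True when the request Origin equals an allow-list entry, or is a strict
// subdomain of a "*." entry with the same scheme and port.
function originAllowed(origin, patterns) {
  const o = parse(origin);
  if (!o || o.wildcard) return false; // malformed or "null" origins never match
  return patterns.some((p) => {
    const a = parse(p);
    if (!a || a.scheme !== o.scheme || a.port !== o.port) return false;
    // The leading dot stops "evil-example.com" from matching "*.example.com".
    return a.wildcard ? o.host.endsWith('.' + a.host) : o.host === a.host;
  });
}

// Flag entries that are too broad for responses that allow credentials.
function auditPatterns(patterns) {
  const findings = [];
  for (const p of patterns) {
    const a = parse(p);
    if (p === '*') findings.push(`${p}: matches every origin`);
    else if (!a) findings.push(`${p}: not a scheme://host[:port] origin`);
    else if (a.scheme !== 'https') findings.push(`${p}: plain http origin`);
    else if (a.wildcard && !a.host.includes('.')) findings.push(`${p}: wildcard over a whole TLD`);
  }
  return findings;
}

// Constructed sample allow-list (not taken from any real configuration).
const allowed = ['https://www.example.com', 'https://*.example.com', 'http://localhost:3000'];
```

Running `auditPatterns` over the configured list before deployment surfaces entries such as a bare `*` or a plain-http development origin that should not reach production.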

Alphabetical sorting for folders

As of this version, users get the option to set folders to automatically sort their contents in alphabetical order. This is enabled through a new option in the folder context menu.

When setting the folder to automatic sort, subfolders (and documents) will always be displayed in sorted order. This can be enabled or disabled per folder, and it is a global setting that applies to all users. Please note that the repository sort order (in the system back-end) is not affected by this setting.

Use Relevance without Trends and Experiments

We’ve added a configuration option to disable the Trends and Experiments parts of the Relevance feature. The main benefit of this change is that it removes the need for adding an Elasticsearch instance to the system architecture when using Relevance. More details can be found in our documentation at [1].

Ongoing Improvements

For end users

  • After version 14.0 introduced a revamped look and feel, we have continued to improve our User Experience and further improved the UI (User Interface) in a number of places. We have updated the following to use the new 14.0 styling:

    • The Projects feature has been updated.

    • The Menu editor has been updated.

    • A number of dialogs have been updated, including the component properties dialog, the Open UI dialog, the link picker dialog and the blueprints dialog.

  • Content blocks are now collapsible / expandable, to make them easier to work with in larger documents.

For developers

  • The data load for Projects with many documents was decreased by dropping unused data for building the projects overview and the channel-manager project picker. This is expected to resolve performance issues with having a large set of documents as part of a project. 

  • We’ve made minor improvements to the auto-generated content beans feature:

    • Added getters to dynamic beans for document types from different namespaces (these were not added before). 

    • Fixed dynamic beans generation to work properly for content blocks fields when exposed via Page Model API

  • Support for the autocomplete attribute has been added to Enterprise Forms.

  • A small improvement was added to how auto export deals with the Updater Editor Registry and Blueprints. Entries are now always exported as config, and there is improved separation into separate files.

Notices

MaxMind GeoLite2 location database no longer bundled with Relevance

For out-of-the-box lookup of locations based on IP addresses, previous versions of Bloomreach Experience Manager bundled the MaxMind GeoLite2 database with the Relevance module. To comply with GDPR and CCPA, which will be in effect 2020-01-01, MaxMind is changing the GeoLite2 licensing [4], requiring an account to download the database.

Because we can’t comply with the new EULA on behalf of our customers, we can no longer bundle it with our product and instead provide documentation on how bundling can be done in a customer deployment of brXM. This documentation can be found at [5].

Remove Login Page Captcha Configuration

As of Bloomreach Experience Manager 14.1.0, the captcha has been removed from the login page, after discovery that it was not working consistently. We may re-introduce the feature in the future, but for the short term we decided to take it out of the product.

Therefore, if your implementation project configured any of the following two configuration properties at the node /hippo:configuration/hippo:frontend/login/login/loginPage, they should be removed to prevent errors being logged during bootstrap after upgrading to 14.1.

  • Use.captcha

  • Show.captcha.after.how.many.times

Minor release

V14.1 is a minor release, so it is backwards compatible with the previous minor release. Updating to this version from the previous minor version should take little effort. Please see the upgrade and update documentation [6] for details.

Supported Technologies

There are no changes to the supported stack with this release.

The full system requirements can be found in the online system requirements [7]. This page also includes a detailed table of maintained third party compatibility.

End-of-life, support and maintained code

Nomenclature refresher

As the terms ‘end-of-life’, ‘supported’, ‘maintained’ are used in various ways in our industry, we clarify the nomenclature we use for this below.

Supported product version

When a product is supported, this means that the customer will receive help from the helpdesk when issues arise as described in the service level agreement (SLA) that the customer has with Bloomreach. There are several service levels available. 

Please note that if a bug is acknowledged in a supported, but not-maintained version, and a fix is needed, this fix will only be applied in the maintained product versions. This means the customer will need to move to a maintained version to receive the fix. 

Maintained product version

When a product is maintained, the product code is updated and security and bug fixes are made to the code. For maintained products, the system requirements for third party libraries and components are kept updated as well. Please note that we do not provide support for system requirement providers (e.g. databases, Java, etc.); we only support the usage of the mentioned certified system requirement providers.

If a product is non-maintained, this means that the code is not maintained anymore and therefore might contain bugs and/or security vulnerabilities due to newly discovered issues in our code, or the libraries used.

End-of-life product version

Products that are not maintained and not supported are end-of-life. These might be available from our archives but could be removed without notice.

What does this mean for the current release?

Please note that this release does not change any maintenance or support mode.

In the table below you can find the support status of your product and when support will end; this is dependent on the version currently being used and license level. Please note that versions that are not listed are not active and not supported, and therefore end-of-life.

| If you are on version | You will receive support until the release of version (Standard license) | You will receive support until the release of version (Premium license) | Maintained |
| --- | --- | --- | --- |
| 12.0 latest | No Support | 15.0 GA | Not maintained |
| 12.1 latest | No Support | 15.0 GA | Not maintained |
| 12.2 latest | No Support | 15.0 GA | Not maintained |
| 12.3 latest | No Support | 15.0 GA | Not maintained |
| 12.4 latest | No Support | 15.0 GA | Not maintained |
| 12.5 latest | No Support | 15.0 GA | Not maintained |
| 12.6 (LTS) latest | No Support | 15.0 GA | Yes, till 15.0 GA |
| 13.0 latest | 15.0 GA | 16.0 GA | Not maintained |
| 13.1 latest | 15.0 GA | 16.0 GA | Not maintained |
| 13.2 latest | 15.0 GA | 16.0 GA | Not maintained |
| 13.3 latest | 15.0 GA | 16.0 GA | Yes, till 14.0 GA |
| 13.4 (LTS) latest | 15.0 GA | 16.0 GA | Yes, till 16.0 GA |
| 14.0 latest | 16.0 GA | 17.0 GA | Yes, till 14.2 GA |
| 14.1 latest | 16.0 GA | 17.0 GA | Yes, till 14.3 GA |

(Orange cells indicate changes compared to the previous release)

Security notes

The following security fixes have been implemented in V14.1:

  • SECURITY-149 - SnakeYaml reported vulnerability CVE-2017-18640 in versions before version 1.18. The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'). Mitigation: SnakeYaml has been updated to version 1.23.

  • SECURITY-156 - In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. Mitigation: Spring Framework has been updated to 5.1.7-RELEASE.

Customers are advised to upgrade to the latest maintenance versions as soon as possible.

Availability

This version of brXM is available from February 28th, 2020 onwards. Please note that due to our release policy, the release of the open source CMS / developer release will follow approximately six weeks after this date.

Links

[1] https://documentation.bloomreach.com/library/upgrade-minor-versions/use-relevance-without-elasticsearch.html

[2] https://code.onehippo.org/cms-community-dev/bloomreach-spa-sdk/tree/release/14.1/packages/spa-sdk#configuration

[3] https://documentation.bloomreach.com/library/upgrade-minor-versions/upgrade-14.0-to-14.1.html

[4] https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/

[5] https://documentation.bloomreach.com/library/enterprise/enterprise-features/targeting/add-geoip-geolite-database.html

[6] https://documentation.bloomreach.com/about/upgrade/introduction.html  

[7] https://documentation.bloomreach.com/library/about/system-requirements.html
